syntax = "proto3";

package kuma.mesh.v1alpha1;

import "api/mesh/options.proto";
option go_package = "github.com/kumahq/kuma/api/mesh/v1alpha1";

import "api/mesh/v1alpha1/selector.proto";
import "kuma-doc/config.proto";

option (doc.config) = {
  type : Policy,
  name : "TrafficPermissions",
  file_name : "traffic-permissions"
};

// TrafficPermission defines permission for traffic between dataplanes.
message TrafficPermission {

  option (kuma.mesh.resource).name = "TrafficPermissionResource";
  option (kuma.mesh.resource).type = "TrafficPermission";
  option (kuma.mesh.resource).package = "mesh";
  option (kuma.mesh.resource).kds.send_to_zone = true;
  option (kuma.mesh.resource).ws.name = "traffic-permission";
  option (kuma.mesh.resource).allow_to_inspect = true;

  // List of selectors to match dataplanes that are sources of traffic.
  repeated Selector sources = 1 [ (doc.required) = true ];
  // List of selectors to match services that are destinations of traffic.
  repeated Selector destinations = 2 [ (doc.required) = true ];
}
